ACL Status

This page shows the ACL (Access Control List) status by different ACL users. Each row describes the ACE that is defined. It is a conflict if a specific ACE is not applied to the hardware due to hardware limitations. The maximum number of ACEs is 256 on each switch.

Object: Description
User: Indicates the ACL user.
Ingress Port: Indicates the ingress port of the ACE. Possible values are:
  • All: The ACE will match all ingress ports.
  • Port: The ACE will match a specific ingress port.
Frame Type: Indicates the frame type of the ACE. Possible values are:
  • Any: The ACE will match any frame type.
  • EType: The ACE will match Ethernet Type frames. Note that an Ethernet Type based ACE will not match IP and ARP frames.
  • ARP: The ACE will match ARP/RARP frames.
  • IPv4: The ACE will match all IPv4 frames.
  • IPv4/ICMP (Internet Control Message Protocol): The ACE will match IPv4 frames with ICMP protocol.
  • IPv4/UDP: The ACE will match IPv4 frames with UDP protocol.
  • IPv4/TCP: The ACE will match IPv4 frames with TCP protocol.
  • IPv4/Other: The ACE will match IPv4 frames that are not ICMP/UDP/TCP.
  • IPv6: The ACE will match all IPv6 standard frames.
Action: Indicates the forwarding action of the ACE.
  • Permit: Frames matching the ACE may be forwarded and learned.
  • Deny: Frames matching the ACE are dropped.
  • Filter: Frames matching the ACE are filtered.
Rate limiter: Indicates the rate limiter number of the ACE. Valid range is 1 – 16. When Disabled is displayed, the rate limiter operation is disabled.
Port Redirect: Indicates the port redirect operation of the ACE. Frames matching the ACE are redirected to the port number. The allowed values are Disabled or a specific port number. When Disabled is displayed, the port redirect operation is disabled.
Mirror: Specify the mirror operation of this port. The allowed values are:
  • Enabled: Frames received on the port are mirrored.
  • Disabled: Frames received on the port are not mirrored.
  The default is Disabled.
CPU: Forwards packets that match the specific ACE to the CPU.
CPU Once: Forwards the first packet that matches the specific ACE to the CPU.
Counter: Indicates the number of times the ACE was hit by a frame.
Conflict: Indicates the hardware status of the specific ACE. A conflict means the specific ACE is not applied to the hardware due to hardware limitations.
Buttons
Auto-refresh: Refresh the page automatically every three seconds.
Refresh: Refresh the page immediately. Any non-committed changes will be lost.